Installing shopping carts, Joomla, Vanilla Making Writable

General support questions
Post Reply
User avatar
johnplemons
Posts: 4
Joined: 2014/08/06 15:08:32
Location: Athens Tennessee
Contact:

Installing shopping carts, Joomla, Vanilla Making Writable

Post by johnplemons » 2014/08/07 14:21:17

In CentOS 7 some security changes were made to the HTML folder and Apache / Root. It is causing issues with the installation of some shopping carts, Joomla and Vanilla. They require certain folders and config.php files be writable in order to function.
With the new security lockdown in CentOS 7, the HTML directory and files are owned by root, but ran under user Apache. When you install for example Squirrelcart, it needs two directories and the config.php file to be writable and set to 0777. I can change them to 0777 making them writable to the world, the problem is that PHP is being run under Apache, and although the directory should be writable, it can't be written to by PHP.

Can someone one detail the best and or simplest way to allow these files to be written to by PHP?

I have PHP scripts that show the files as -rwxrwxrwx, but the script that checks for to see if the file is writable, shows it is not writable. With all the web searches I've hit a wall, I've tried the open_basedir command. Not sure if that is going in the right direction, or if I'm applying it correctly. I need some help and guidance.
John Plemons
Electro Mavin
423.746.2846
www.mavin.com
www.MavinAudio.com

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Installing shopping carts, Joomla, Vanilla Making Writab

Post by TrevorH » 2014/08/07 18:22:31

I think your diagnosis of the problem is incorrect since CentOS has always shipped /var/www/html owned root:root.

I suspect that it's more likely that selinux is forbidding any writes to the directory - as indeed it should.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

User avatar
johnplemons
Posts: 4
Joined: 2014/08/06 15:08:32
Location: Athens Tennessee
Contact:

Re: Installing shopping carts, Joomla, Vanilla Making Writab

Post by johnplemons » 2014/08/07 19:51:55

That was it, I changed the setting to setenforce Permissive

The install script sprang to life and it looks like the cart will install, it passed the permissions check.

What is the best method of locking down Selinux while keeping my shopping cart writable?

Thank you by the way for the quick and accurate answer.

john
John Plemons
Electro Mavin
423.746.2846
www.mavin.com
www.MavinAudio.com

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Installing shopping carts, Joomla, Vanilla Making Writab

Post by TrevorH » 2014/08/07 19:59:11

One possible idea is that it really should only require write access to the config file during the installation - so setting it permissive while you install and then back to enforcing once installed would stop Mr J. Random Hacker from rewriting the config file once the install was complete. Another possible thing I can think of that may or may not work is to replace the config.php file with a symlink to somewhere that it is allowed to write and then amending the file permissions there to stop overwriting once the installation is finished. That may not work since some things break symlinks on update.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Greg_E
Posts: 143
Joined: 2014/04/04 18:53:45

Re: Installing shopping carts, Joomla, Vanilla Making Writab

Post by Greg_E » 2014/08/10 20:54:41

Instead of setting everything to permissive mode, how about correct the problem at the file level

viewtopic.php?f=48&t=47146

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Installing shopping carts, Joomla, Vanilla Making Writab

Post by TrevorH » 2014/08/10 21:52:10

This particular instance is probably a good candidate for using permissive mode since the *install* requires write access to the file but once the install is over, you don't want random people making changes to the file so writes should be denied.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Greg_E
Posts: 143
Joined: 2014/04/04 18:53:45

Re: Installing shopping carts, Joomla, Vanilla Making Writab

Post by Greg_E » 2014/08/10 22:30:57

Doesn't the OP want the cart to be writeable after getting it working? If not then setting SELinux back to block the writes is probably a quicker way to handle it.

I still find it odd that CentOS 6.5 defaulted to permissive and 7 defaults to locked down. Not that I have a great handle on SELinux policies, but it was a surprise when I found how to check this and ran it against both versions to see the contrast. Recently bought a eBook from packt publishing on SELinux, hope it was worth the $10usd I paid once I get to start on it.

http://www.packtpub.com/networking-and- ... nistration

Once you buy something from them direct or sign up for their daily deals, you get a lot of offers for 50 percent off, and that was a choice about a week ago. Yesterday was a book for wireshark which will hopefully explain some of the mysteries to me.

Bought a really good beginner's Joomla 3 book that I've been chewing through for work which started the whole daily deal thing. They've treated me very well when the second edition of the book came out a couple weeks ago, letting me upgrade at nearly cost for the printed version, so I can't complain about them. If you are an author they can apparently be a little aggressive trying to get you to publish through them, but as a consumer they seem to be pretty good so far. Bit off topic, but it explains the process, back to topic.

Post Reply